#!/bin/bash
###############################################################################
# Filename: /BRTA_scripts/brta_esxi01_config_backups.sh #
# #
# Written On: October 10, 2022 #
# #
# Purpose: #
# Connects to the ESXi Host linux command line and runs vim-cmd commands #
# to generate a new ESXi configuration backup file. Then we use find and #
# scp to copy the backup to the local server for safe keeping. #
# #
# We'll purge the backups older than 365 days #
# #
# Scheduling this via cron to run nightly at midnight. #
# Log file is kept in /BRTA_scripts/brta_esxi01_config_backups.log #
# #
# Connection to ESXi Host using ssh and key-pair without using password. #
# To use ssh, setup key pair using ssh-keygen from the local host and then #
# copy the authorized key string to the ESXi /root/.ssh/authorized_keys #
# and also to the ESXi /etc/ssh/keys-root/authorized_keys #
# #
# key-pair example: #
# on local server... #
# #
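# ssh-keygen -t rsa -b 4096 <-- press ENTER to all questions, #
# accepting defaults and skip passphrase#
# NOTE: with no passphrase, the private key file by itself grants root on #
# the ESXi host; keep it readable only by the account that runs this script. #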
# #
# ssh-copy-id root@<esxi_hostname> <-- this will ask for the password. #
# Copies authorized_keys to #
# ESXi's /root/.ssh/ #
# #
# ssh root@<esxi_hostname> <-- this will ask for password still. #
# we are now at the ESXi host command line #
# #
# on ESXi command line... #
# #
# cat /root/.ssh/authorized_keys <-- then copy resulting contents to #
# /etc/ssh/keys-root/authorized_keys#
# #
# we should now be able to ssh from the local server to ESXi host without #
# interactively entering the password. #
# #
# HISTORY #
# Date Version Updated By #
# -------------- -------- -------------------------------------------------- #
# OCT 10, 2022 1.00 BRTA #
# - initial version #
###############################################################################
###############################################################################
# define variables
###############################################################################
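PROGRAM_NAME=$0                     # <-- filename we are looking at right now.
SYSDATE=$(date)                     # example: Thu Oct 13 10:18:12 CDT 2022
TIMESTAMP=$(date "+%Y%m%d_%H%M%S")  # example: 20221013_101812
HOST=$(hostname)                    # <-- local server
ESXI_HOST="blah.blah.com"           # <-- ESXi Host
ESXI_LOGIN="root@${ESXI_HOST}"      # <-- account used for every ssh/scp call
TARGET_PATH="/backup_drivebay_1/esxi_configuration_backups" # <-- local path
RETENTION_DAYS=365                  # <-- local backups older than this are purged
# BatchMode makes ssh/scp fail instead of waiting at a password or host-key
# prompt, which nobody can answer when this runs from cron.
SSH_OPTS=(-o BatchMode=yes)
# Everything the ESXi host sends back is checked against these patterns before
# it is used in a local filename or handed to scp.
SAFE_TOKEN='^[A-Za-z0-9._-]+$'
SAFE_REMOTE_FILE='^/scratch/downloads/[A-Za-z0-9._/-]*configBundle[A-Za-z0-9._-]*\.tgz$'

###############################################################################
# die MESSAGE...
# Reports the failure on stderr and stops with a non-zero exit status, so a
# broken run is visible to cron instead of ending in "exit 0".
###############################################################################
die() {
  printf 'ERROR: %s\n' "$*" >&2
  printf 'Exiting %s (failed)\n' "${PROGRAM_NAME}" >&2
  exit 1
}

echo "~~~~~~~~~~~~~"
echo "${SYSDATE} - Beginning ${PROGRAM_NAME}"
###############################################################################
# connect to the ESXi Host and gather the "uname" info about the ESXi version.
# We'll use part of this info in naming the backup so that we know which
# version of ESXi the backup pertains to.
###############################################################################
echo "..Connecting to ${ESXI_HOST} to get ESXi Version and Build Number:"
# example: 7.0.3
ESXI_VERSION=$(ssh "${SSH_OPTS[@]}" "${ESXI_LOGIN}" "uname -r") \
  || die "could not read the ESXi version from ${ESXI_HOST}"
# uname -v is captured on its own so that an ssh failure is not hidden behind
# the exit status of cut.
UNAME_V=$(ssh "${SSH_OPTS[@]}" "${ESXI_LOGIN}" "uname -v") \
  || die "could not read the ESXi build from ${ESXI_HOST}"
# example: build-19193900
ESXI_BUILD=$(printf '%s\n' "${UNAME_V}" | cut -d " " -f4)
[[ "${ESXI_VERSION}" =~ ${SAFE_TOKEN} ]] \
  || die "the ESXi version string contains unexpected characters"
[[ "${ESXI_BUILD}" =~ ${SAFE_TOKEN} ]] \
  || die "the ESXi build string contains unexpected characters"
echo "...ESXI_VERSION=${ESXI_VERSION}"
echo "...ESXI_BUILD=${ESXI_BUILD}"
###############################################################################
# connect to the ESXi Host and run vim-cmd commands to generate the backup.
# "&&" instead of ";" so that backup_config only runs on a synced config and
# a failing sync is reported.
###############################################################################
echo "..Connecting to ${ESXI_HOST} and generate backup file."
ssh "${SSH_OPTS[@]}" "${ESXI_LOGIN}" \
  "vim-cmd hostsvc/firmware/sync_config && vim-cmd hostsvc/firmware/backup_config" \
  || die "vim-cmd could not generate the configuration backup on ${ESXI_HOST}"
###############################################################################
# get the backup filename (with full path) from the ESXi Host.
# The pattern is single-quoted for the remote shell so that find receives it
# unexpanded. We insist on exactly one well-formed path: an empty answer or
# several files (leftovers of an earlier run) stops the script here.
###############################################################################
BACKUP_FILE_ON_ESXI=$(ssh "${SSH_OPTS[@]}" "${ESXI_LOGIN}" \
  "find /scratch/downloads -name 'configBundle*.tgz'") \
  || die "could not search /scratch/downloads on ${ESXI_HOST}"
[[ -n "${BACKUP_FILE_ON_ESXI}" ]] \
  || die "no configBundle*.tgz was found on ${ESXI_HOST}"
[[ "${BACKUP_FILE_ON_ESXI}" =~ ${SAFE_REMOTE_FILE} \
  && "${BACKUP_FILE_ON_ESXI}" != *..* ]] \
  || die "expected exactly one configBundle*.tgz path from ${ESXI_HOST}"
###############################################################################
# Using scp to copy the backup file from ESXi Host to the local server.
# Renaming the file as it lands on the local server with version and build and
# timestamp in filename.
# The bundle is a copy of the host's configuration, so TARGET_PATH should be
# readable only by the people who are allowed to restore the host.
###############################################################################
LOCAL_BACKUP="${TARGET_PATH}/configBundle-${ESXI_HOST}-${ESXI_VERSION}-${ESXI_BUILD}-${TIMESTAMP}.tgz"
echo "..Copying the ${ESXI_HOST} configuration backup file to ${HOST}"
scp "${SSH_OPTS[@]}" "${ESXI_LOGIN}:${BACKUP_FILE_ON_ESXI}" "${LOCAL_BACKUP}" \
  || die "scp of ${BACKUP_FILE_ON_ESXI} failed"
[[ -s "${LOCAL_BACKUP}" ]] \
  || die "${LOCAL_BACKUP} is missing or empty after the copy"
###############################################################################
# although the backup file is cleaned up automatically by the ESXi host after
# a few minutes, we are going to force it to be removed immediately using rm.
# The reason we want to remove it immediately is if we ran multiple
# iterations of this script one after another, before the ESXi host would
# have time to automatically clear out the previous backups. In which case
# when we try to copy the backups from the ESXi to the Host we'd find a bunch
# of files when we really only want to grab the last one. That is why we
# forcefully cleanup each time we run this script.
# Only files are targeted, so "rm -f" is enough (no recursive delete as root).
# A failure here is only a warning because the host cleans up by itself.
###############################################################################
echo "..Removing backup file from the ESXi host ${ESXI_HOST}:${BACKUP_FILE_ON_ESXI}"
ssh "${SSH_OPTS[@]}" "${ESXI_LOGIN}" "rm -f /scratch/downloads/*/configBundle*.tgz" \
  || echo "WARNING: could not remove the backup file from ${ESXI_HOST}" >&2
echo "..Listing the 5 most recent backups (latest are listed at the end):"
ls -tr -- "${TARGET_PATH}"/configBundle*.tgz | tail -n 5
###############################################################################
# Using find with mtime and rm commands to purge backup files older than
# RETENTION_DAYS days from the local server. This point is only reached after
# tonight's copy succeeded, so a failing backup never erodes the history.
# -maxdepth 1  --> look in the specified dir only, not in sub directories
# -type f      --> find files, not directories
# -name        --> only our configBundle*.tgz backups
# -mtime +N    --> modified more than N days ago (a bare "N" would match
#                  only files that are exactly N days old)
# -exec rm {}  --> execute the remove command on files found
# \;           --> ends the -exec option section
# -print       --> display to standard output the files purged
###############################################################################
echo "..Purging backups older than ${RETENTION_DAYS} days:"
find "${TARGET_PATH}" -maxdepth 1 -type f -name 'configBundle*.tgz' \
  -mtime "+${RETENTION_DAYS}" -exec rm -f -- {} \; -print
echo "Exiting ${PROGRAM_NAME}"
exit 0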
Next I'd like to write a PowerShell script using VMware PowerCLI cmdlets to send email notifications after each scheduled vcsa file-based backup completes. I'm already scheduling nightly backups of vcsa using its own GUI (vCenter appliance port 5480 GUI) backup scheduling tool, but I don't see where it has a provision for sending email notifications. If I write my own PowerShell script I think I can not only schedule the vcsa backups but also figure out how to call an email handler for notifications.
~~~~~~~~~~~~~
Thu Oct 13 11:46:12 CDT 2022 - Beginning ./brta_esxi01_config_backups.sh
..Connecting to blah.blah.com to get ESXi Version and Build Number:
...ESXI_VERSION=7.0.3
...ESXI_BUILD=build-19193900
..Connecting to blah.blah.com and generate backup file.
Bundle can be downloaded at : http://*/downloads/525cc1cc-ddf5-b88c-0690-4f3da313a681/configBundle-blah.blah.com.tgz
..Copying the blah.blah.com configuration backup file to bkpsrv.blah.com
configBundle-blah.blah.com.tgz 100% 93KB 14.3MB/s 00:00
..Removing backup file from the ESXi host blah.blah.com:/scratch/downloads/525cc1cc-ddf5-b88c-0690-4f3da313a681/configBundle-blah.blah.com.tgz
..Listing the 5 most recent backups (latest are listed at the end):
/backup_drivebay_1/esxi_configuration_backups/configBundle-blah.blah.com-7.0.3-build-19193900-20221013_101200.tgz
/backup_drivebay_1/esxi_configuration_backups/configBundle-blah.blah.com-7.0.3-build-19193900-20221013_102606.tgz
/backup_drivebay_1/esxi_configuration_backups/configBundle-blah.blah.com-7.0.3-build-19193900-20221013_104348.tgz
/backup_drivebay_1/esxi_configuration_backups/configBundle-blah.blah.com-7.0.3-build-19193900-20221013_113216.tgz
/backup_drivebay_1/esxi_configuration_backups/configBundle-blah.blah.com-7.0.3-build-19193900-20221013_114612.tgz
..Purging backups older than 365 days:
Exiting ./brta_esxi01_config_backups.sh
#!/bin/bash
###############################################################################
# Filename: /BRTA_scripts/brta_esxi01_config_backups-TLS.sh #
# #
# Written On: October 10, 2022 #
# #
# Purpose: #
# Connects to the ESXi Host linux command line and runs vim-cmd commands #
# to generate a new ESXi configuration backup file. Then we use find and #
# scp to copy the backup to the local server for safe keeping. #
# #
# We'll purge the backups older than 365 days #
# #
# Scheduling this via cron to run nightly #
# Log file is kept in /BRTA_scripts/brta_esxi01_config_backups.log #
# #
# Connection to ESXi Host using ssh and key-pair without using password. #
# To use ssh, setup key pair using ssh-keygen from the local host and then #
# copy the authorized key string to the ESXi /root/.ssh/authorized_keys #
# and also to the ESXi /etc/ssh/keys-root/authorized_keys #
# #
# key-pair example: #
# on local server... #
# #
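# ssh-keygen -t rsa -b 4096 <-- press ENTER to all questions, #
# accepting defaults and skip passphrase#
# NOTE: with no passphrase, the private key file by itself grants root on #
# the ESXi host; keep it readable only by the account that runs this script. #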
# #
# ssh-copy-id root@<esxi_hostname> <-- this will ask for the password. #
# Copies authorized_keys to #
# ESXi's /root/.ssh/ #
# #
# ssh root@<esxi_hostname> <-- this will ask for password still. #
# we are now at the ESXi host command line #
# #
# on ESXi command line... #
# #
# cat /root/.ssh/authorized_keys <-- then copy resulting contents to #
# /etc/ssh/keys-root/authorized_keys#
# #
# we should now be able to ssh from the local server to ESXi host without #
# interactively entering the password. #
# #
# HISTORY #
# Date Version Updated By #
# -------------- -------- -------------------------------------------------- #
# OCT 10, 2022 1.00 BRTA #
# - initial version #
# #
# NOV 15, 2022 2.00 BRTA #
# - Now sending TLS encrypted notifications using mailx and postfix config. #
# postfix configuration is in /etc/postfix/main.cf (owned by root) #
# - /etc/postfix/main.cf configuration file contains the following: #
# smtp_use_tls = yes #
# smtp_tls_security_level = encrypt #
# relayhost = [your_smtp.host.com]:587 #
# smtp_sasl_auth_enable = yes #
# smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd #
# smtp_sasl_security_options= noanonymous #
# inet_protocols = ipv4 #
# home_mailbox = mail/ #
# - /etc/postfix/sasl_passwd contains the following: #
# [your_smtp.hostname.com]:587 donotreply@your_domain.com:passwd #
# - run the following to generate the postfix lookup table: #
# postmap /etc/postfix/sasl_passwd #
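# - secure the SMTP account credentials password file: #
# chmod 600 /etc/postfix/sasl_passwd #
# (the sasl_passwd.db lookup table that postmap built from it holds the #
# same password; give that file the same mode) #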
# - startup the postfix service: #
# systemctl restart postfix #
# - test outbound email from command line: #
# echo "email body...testing" | mailx -r sender_addr@domain.com -s "Testing - subject" recip_addr@domain.com
# - examine postfix status: #
# systemctl -l status postfix #
# - examine mail log in: #
# /var/log/maillog #
# #
###############################################################################
###############################################################################
# define variables
###############################################################################
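PROGRAM_NAME=$0                     # <-- filename we are looking at right now.
SYSDATE=$(date)                     # example: Thu Oct 13 10:18:12 CDT 2022
TIMESTAMP=$(date "+%Y%m%d_%H%M%S")  # example: 20221013_101812
HOST=$(hostname)                    # example: oel7u9.domain.com <--local server
ESXI_HOST="esxi01.domain.com"       # <-- ESXi Host
ESXI_LOGIN="root@${ESXI_HOST}"      # <-- account used for every ssh/scp call
TARGET_PATH="/backup_drivebay_1/esxi_configuration_backups" # <-- local path
RETENTION_DAYS=365                  # <-- local backups older than this are purged
# BatchMode makes ssh/scp fail instead of waiting at a password or host-key
# prompt, which nobody can answer when this runs from cron.
SSH_OPTS=(-o BatchMode=yes)
# Everything the ESXi host sends back is checked against these patterns before
# it is used in a local filename, handed to scp or written into the email.
SAFE_TOKEN='^[A-Za-z0-9._-]+$'
SAFE_REMOTE_FILE='^/scratch/downloads/[A-Za-z0-9._/-]*configBundle[A-Za-z0-9._-]*\.tgz$'
###############################################################################
# email handler variables
###############################################################################
SENDERS_EMAIL="sender_addr@domain.com"
RECIPIENTS_EMAIL=("recip1_addr@domain.com" "recip2_addr@domain.com")
EMAIL_SUBJECT_TEXT="BRTA Custom Backup: ${ESXI_HOST} Configuration to ${HOST}"
# The email body is collected in a file created by mktemp: a name built from
# the process ID in /tmp is predictable, so another local user could create
# that path (or a symlink) before this script, which usually runs as root,
# appends to it.
EMAIL_FILENAME=$(mktemp "/tmp/brta-email_body-XXXXXXXXXX") || {
  echo "ERROR: could not create the temporary email body file" >&2
  exit 1
}
# Remove the body file on every exit path, including failures.
trap 'rm -f -- "${EMAIL_FILENAME}"' EXIT

###############################################################################
# log MESSAGE...
# Writes one line to standard output and appends it to the email body.
###############################################################################
log() {
  printf '%s\n' "$*" | tee -a "${EMAIL_FILENAME}"
}

###############################################################################
# send_report STATUS
# Mails the collected body; STATUS ("Success" or "FAILED") becomes the tag in
# the subject, so the subject reflects what actually happened.
###############################################################################
send_report() {
  mailx -r "${SENDERS_EMAIL}" -s "[$1] ${EMAIL_SUBJECT_TEXT}" \
    "${RECIPIENTS_EMAIL[@]}" < "${EMAIL_FILENAME}" \
    || echo "WARNING: mailx could not send the notification" >&2
}

###############################################################################
# die MESSAGE...
# Logs the failure, mails a [FAILED] notification and stops with a non-zero
# exit status.
###############################################################################
die() {
  log "ERROR: $*"
  send_report "FAILED"
  echo "Exiting ${PROGRAM_NAME} (failed)"
  exit 1
}

echo "~~~~~~~~~~~~~"
log "${SYSDATE} - Beginning ${PROGRAM_NAME} [v2.00 Nov 15, 2022]"
log ""
###############################################################################
# connect to the ESXi Host and gather the "uname" info about the ESXi version.
# We'll use part of this info in naming the backup so that we know which
# version of ESXi the backup pertains to.
###############################################################################
log "..Connecting to ${ESXI_HOST} to get ESXi Version and Build Number:"
# example: 7.0.3
ESXI_VERSION=$(ssh "${SSH_OPTS[@]}" "${ESXI_LOGIN}" "uname -r") \
  || die "could not read the ESXi version from ${ESXI_HOST}"
# uname -v is captured on its own so that an ssh failure is not hidden behind
# the exit status of cut.
UNAME_V=$(ssh "${SSH_OPTS[@]}" "${ESXI_LOGIN}" "uname -v") \
  || die "could not read the ESXi build from ${ESXI_HOST}"
# example: build-19193900
ESXI_BUILD=$(printf '%s\n' "${UNAME_V}" | cut -d " " -f4)
[[ "${ESXI_VERSION}" =~ ${SAFE_TOKEN} ]] \
  || die "the ESXi version string contains unexpected characters"
[[ "${ESXI_BUILD}" =~ ${SAFE_TOKEN} ]] \
  || die "the ESXi build string contains unexpected characters"
log "ESXI_VERSION=${ESXI_VERSION}"
log "ESXI_BUILD=${ESXI_BUILD}"
###############################################################################
# connect to the ESXi Host and run vim-cmd commands to generate the backup.
# "&&" instead of ";" so that backup_config only runs on a synced config and
# a failing sync is reported.
###############################################################################
log ""
log "..Connecting to ${ESXI_HOST} to generate backup file."
ssh "${SSH_OPTS[@]}" "${ESXI_LOGIN}" \
  "vim-cmd hostsvc/firmware/sync_config && vim-cmd hostsvc/firmware/backup_config" \
  || die "vim-cmd could not generate the configuration backup on ${ESXI_HOST}"
###############################################################################
# get the backup filename (with full path) from the ESXi Host.
# The pattern is single-quoted for the remote shell so that find receives it
# unexpanded. We insist on exactly one well-formed path: an empty answer or
# several files (leftovers of an earlier run) stops the script here.
###############################################################################
BACKUP_FILE_ON_ESXI=$(ssh "${SSH_OPTS[@]}" "${ESXI_LOGIN}" \
  "find /scratch/downloads -name 'configBundle*.tgz'") \
  || die "could not search /scratch/downloads on ${ESXI_HOST}"
[[ -n "${BACKUP_FILE_ON_ESXI}" ]] \
  || die "no configBundle*.tgz was found on ${ESXI_HOST}"
[[ "${BACKUP_FILE_ON_ESXI}" =~ ${SAFE_REMOTE_FILE} \
  && "${BACKUP_FILE_ON_ESXI}" != *..* ]] \
  || die "expected exactly one configBundle*.tgz path from ${ESXI_HOST}"
###############################################################################
# Using scp to copy the backup file from ESXi Host to the local server.
# Renaming the file as it lands on the local server with version and build and
# timestamp in filename.
# The bundle is a copy of the host's configuration, so TARGET_PATH should be
# readable only by the people who are allowed to restore the host.
###############################################################################
LOCAL_BACKUP="${TARGET_PATH}/configBundle-${ESXI_HOST}-${ESXI_VERSION}-${ESXI_BUILD}-${TIMESTAMP}.tgz"
log "..Copying the ${ESXI_HOST} configuration backup file to ${HOST}"
scp "${SSH_OPTS[@]}" "${ESXI_LOGIN}:${BACKUP_FILE_ON_ESXI}" "${LOCAL_BACKUP}" \
  || die "scp of ${BACKUP_FILE_ON_ESXI} failed"
[[ -s "${LOCAL_BACKUP}" ]] \
  || die "${LOCAL_BACKUP} is missing or empty after the copy"
log ""
###############################################################################
# although the backup file is cleaned up automatically by the ESXi host after
# a few minutes, we are going to force it to be removed immediately using rm.
# The reason we want to remove it immediately is if we ran multiple
# iterations of this script one after another, before the ESXi host would
# have time to automatically clear out the previous backups. In which case
# when we try to copy the backups from the ESXi to the Host we'd find a bunch
# of files when we really only want to grab the last one. That is why we
# forcefully cleanup each time we run this script.
# Only files are targeted, so "rm -f" is enough (no recursive delete as root).
# A failure here is only a warning because the host cleans up by itself.
###############################################################################
log "..Cleaning up files from the ESXi host ${ESXI_HOST}"
ssh "${SSH_OPTS[@]}" "${ESXI_LOGIN}" "rm -f /scratch/downloads/*/configBundle*.tgz" \
  || log "WARNING: could not remove the backup file from ${ESXI_HOST}"
log ""
log "..Listing the three most recent backups: "
ls -t -- "${TARGET_PATH}"/configBundle*.tgz | head -n 3 | tee -a "${EMAIL_FILENAME}"
###############################################################################
# Using find with mtime and rm commands to purge backup files older than
# RETENTION_DAYS days from the local server. This point is only reached after
# tonight's copy succeeded, so a failing backup never erodes the history.
# -maxdepth 1  --> look in the specified dir only, not in sub directories
# -type f      --> find files, not directories
# -name        --> only our configBundle*.tgz backups
# -mtime +N    --> modified more than N days ago (a bare "N" would match
#                  only files that are exactly N days old)
# -exec rm {}  --> execute the remove command on files found
# \;           --> ends the -exec option section
# -print       --> display to standard output the files purged
###############################################################################
log ""
log "..Purging backups older than ${RETENTION_DAYS} days:"
find "${TARGET_PATH}" -maxdepth 1 -type f -name 'configBundle*.tgz' \
  -mtime "+${RETENTION_DAYS}" -exec rm -f -- {} \; -print \
  | tee -a "${EMAIL_FILENAME}"
log ""
log ""
###############################################################################
# using mailx along with our custom postfix configuration /etc/postfix/main.cf
# to send TLS encrypted email to remote SMTP server.
###############################################################################
send_report "Success"
echo "cleanup and remove the tmp email body file"
rm -f -- "${EMAIL_FILENAME}"
##########################################################################
######################## END OF EMAIL BLOCK ##############################
##########################################################################
echo "Exiting ${PROGRAM_NAME}"
exit 0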
card is probably an intel reference design 550 and will most likely show up as an intel.
Ordered an x550-t2 two port 10GBASE-T card for $216.99 on amazon. It's silkscreened with "10GeTek" on the pcb so I don't think it is an official intel card, but I'm expecting it has an authentic intel chipset and firmware; we'll see how well it goes. Should arrive tomorrow and I'm hoping it's plug n play after a reboot. It is in the vmware compatibility guide from 6.7 to latest 8.0u1. I might have to set the new adapters as the ESXi management adapter in the ESXi Console, and I might need to redirect my virtual switches to the new adapters. I'm hoping that is all I'll need to do.
Weird that this happened today after 4.5 yrs. Maybe it was the heat because those 10GB copper adapters are always hot even with a fan pointed right on them. I may be moving to SFP+ sooner than later if this card dies too.
Very cool on the X11DPH you are moving to.card is probably an intel reference design 550 and will most likely show up as an intel.
SFP+ if you can. IMHO always better and less stressful to the components. Maybe a melly CX4 10/25gbe card? I believe that is still supported in ESXI 8.
You didn't patch ESXI the night before it died did you? if so I'd be looking to roll back and see if they come back.
FWIW I'm going to start retiring my X10 E5 boards in favor of X11DPH-T's which I have started acquiring... only 5+ years after your original build!
still installing SFP+ cards even though 10GbT is onboard. I'm looking at the melly and chelsio 10/25 nics but have not fully researched nor picked.
ITR
you're welcome. I should note I did not check compatibility nor roadmap for those parts with ESXI as I've dropped my vmug and am in the process of moving to xcpng (for my lab, and my clients). Please do check though for ESXI.
I'm going to price out the sfp+ parts list. Thanks for those sfp brand recommendations
That looks like a good switch at that price. It says it can handle SFP and SFP+, it has cli ssh and also a GUI. Only question is if it can use DAC or if it requires transceivers. And even so, that's no big deal to me.
Check the manual but I believe you're looking for Jumper JPL1 to disable lan1 and lan 2 on the X11DPH-T - I sure hope that would cut the power to the controller. That's my plan to kill the onboard and use my dual sfp+ cards.
I picked up an inexpensive mokerlink 12 port SFP+ managed L3 switch on AMZ PD for about 230 with sale and coupon. It's 270 now. I have not had time to test that for DAC or RJ45 10G-BaseT operations though. It's described as "fiber" and some of the low cost Shenzhen switches don't support DACs in the SFP+ ports. I got it to see how it might do for low cost deployments where the staff isn't going to be cli savvy or really prefers a GUI. May have time to test it in about 10 days. Not sure what your timeline is.
Hi itronin,I picked up an inexpensive mokerlink 12 port SFP+ managed L3 switch on AMZ PD for about 230 with sale and coupon. its 270 now.. I have not had time to test that for DAC or RJ45 10G-BaseT operations though. its described as "fiber" and some of the low cost shenzen switches don't support DAC's in the SFP+ pots...